[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossig] single sign-on, SSH, VSFTP trouble
I have cracked my head over the week on this problem that I believe is a
simple one. Alas, its eluding me. Maybe one of you can see the solution
to the following problems.
I have Fedora Core 2 where users are authenticated to a MS Windows
Server (ADS maintains the user/password). All is fine can surf, email,
network. The name "domainuser" is authenticated by the ADS to
apiit.edu.my without problems. The host.deny is empty. My suspect is in
the PAM files at this moment. I list out the problems and symptoms.
1. local and remote users cannot login to VSFTP and SSH. I can only
connect via SSH if I issue the following:
ssh -l "domainuser" -o KerberosAuthentication=yes localhost
but for local user "linuxuser" it gives "Read from remote host
localhost: Connection reset by peer" and cannot login.
2. I can create a local user. Problem is I cannot login to either above
two service or to linux locally. How?
3. How else can I trace/troubleshoot?
B) Symptoms at FTP session:
1. I try to establish the connection. After the password it hangs for a
# ftp localhost
Connected to localhost (127.0.0.1).
220 Welcome to Nicholas FTP services
Name (localhost:nicholas): linuxuser
331 Please specify the password.
2. after a long time it displays
No control connection for command: Permission denied
3. I have placed the following to confirm that TCP wrappers are used in
vsftpd : ALL : spawn /bin/echo `/bin/date` Saya pakai tcp_wrappers
dengan VSFTP >> /var/log/messages
4. The messages "Saya pakai tcp_wrappers dengan VSFTP" appears in the
C) Symptoms at SSH session:
1. I try to establish SSH
# ssh -l linuxuser localhost
linuxuser@localhost's password: ***
2. After a long time
Read from remote host localhost: Connection reset by peer
Connection to localhost closed.
3. The /var/log/messages file shows my customised message "sshd using
tcp_wrappers" that hosts.allow is executed. It say granted access, but I
have a connection closed.
sshd using tcp_wrappers
pam_winbind: user 'linuxuser' granted access
D) contents of pam.d/vsftpd
auth required pam_listfile.so item=user sense=deny
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
To unsubscribe: send mail to firstname.lastname@example.org
with "unsubscribe ossig" in the body of the message